[freenet-support] insecure mode and port forwarding

[Matthew Toseland]

On Saturday 26 April 2008 02:43, Jim Cook wrote:
> As far as I know, I don't know anyone running Freenet, so I'm running 
> in insecure/promiscuous mode.  Freenet kindly warns me that others 
> can therefore identify my node and attack it.  However, although I've 
> read the FAQ and googled some, I'm not clear what sorts of attacks 
> are possible, other than knowing which sites I've visited.

Lots. Read the wiki, start with the security page:
http://wiki.freenetproject.org/FreenetZeroPointSevenSecurity
> 
> Freenet also reminds me to forward UDP ports X and  because 
> I'm behind a NAT, and so other nodes behind symmetrical NATs can't 
> connect to my node.  However, Freenet seems to be working OK in that 
> I'm connected to ca. 13 nodes.  I currently don't forward any ports 
> through my hardware firewall, and I hesitate to do so without 
> understanding the security implications.

The result of forwarding the UDP ports is that Freenet can accept incoming 
connections from nodes which it isn't already sending a packet to. This is 
necessary for:
- Connecting to any node on a dynamic IP address. (You may still be able to 
connect, but only if the node manages to connect to one of its other peers 
and ARKs are working).
- Connecting to any node behind a symmetric firewall/NAT.
- Being a seednode.
> 
> I'd appreciate suggestions for further reading re both issues.
> 
> Thanks again.
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: 

Re: [freenet-support] insecure mode and port forwarding

[Matthew Toseland]

On Saturday 26 April 2008 02:43, Jim Cook wrote:
> As far as I know, I don't know anyone running Freenet, so I'm running 
> in insecure/promiscuous mode.  Freenet kindly warns me that others 
> can therefore identify my node and attack it.  However, although I've 
> read the FAQ and googled some, I'm not clear what sorts of attacks 
> are possible, other than knowing which sites I've visited.

Lots. Read the wiki, start with the security page:
http://wiki.freenetproject.org/FreenetZeroPointSevenSecurity
> 
> Freenet also reminds me to forward UDP ports X and  because 
> I'm behind a NAT, and so other nodes behind symmetrical NATs can't 
> connect to my node.  However, Freenet seems to be working OK in that 
> I'm connected to ca. 13 nodes.  I currently don't forward any ports 
> through my hardware firewall, and I hesitate to do so without 
> understanding the security implications.

The result of forwarding the UDP ports is that Freenet can accept incoming 
connections from nodes which it isn't already sending a packet to. This is 
necessary for:
- Connecting to any node on a dynamic IP address. (You may still be able to 
connect, but only if the node manages to connect to one of its other peers 
and ARKs are working).
- Connecting to any node behind a symmetric firewall/NAT.
- Being a seednode.
> 
> I'd appreciate suggestions for further reading re both issues.
> 
> Thanks again.


pgpQVW7g77edV.pgp
Description: PGP signature
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]

[freenet-support] insecure mode and port forwarding

[Jim Cook]

As far as I know, I don't know anyone running Freenet, so I'm running 
in insecure/promiscuous mode.  Freenet kindly warns me that others 
can therefore identify my node and attack it.  However, although I've 
read the FAQ and googled some, I'm not clear what sorts of attacks 
are possible, other than knowing which sites I've visited.

Freenet also reminds me to forward UDP ports X and  because 
I'm behind a NAT, and so other nodes behind symmetrical NATs can't 
connect to my node.  However, Freenet seems to be working OK in that 
I'm connected to ca. 13 nodes.  I currently don't forward any ports 
through my hardware firewall, and I hesitate to do so without 
understanding the security implications.

I'd appreciate suggestions for further reading re both issues.

Thanks again.

=
Jim Cook   

[freenet-support] insecure mode and port forwarding

[Jim Cook]

As far as I know, I don't know anyone running Freenet, so I'm running 
in insecure/promiscuous mode.  Freenet kindly warns me that others 
can therefore identify my node and attack it.  However, although I've 
read the FAQ and googled some, I'm not clear what sorts of attacks 
are possible, other than knowing which sites I've visited.

Freenet also reminds me to forward UDP ports X and  because 
I'm behind a NAT, and so other nodes behind symmetrical NATs can't 
connect to my node.  However, Freenet seems to be working OK in that 
I'm connected to ca. 13 nodes.  I currently don't forward any ports 
through my hardware firewall, and I hesitate to do so without 
understanding the security implications.

I'd appreciate suggestions for further reading re both issues.

Thanks again.

=
Jim Cook <[EMAIL PROTECTED]>  


___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]